/*
 * Copyright (c) 2001-2007, Tom St Denis
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <security/sprd_sha.h>

#ifdef LTC_SHA1

#define F0(x,y,z)  (z ^ (x & (y ^ z)))
#define F1(x,y,z)  (x ^ y ^ z)
#define F2(x,y,z)  ((x & y) | (z & (x | y)))
#define F3(x,y,z)  (x ^ y ^ z)

#ifdef LTC_CLEAN_STACK
static int _sha1_compress(hash_state *md, unsigned char *buf)
#else
static int  sha1_compress(hash_state *md, unsigned char *buf)
#endif
{
	uint32_t a,b,c,d,e,W[80],i;
#ifdef LTC_SMALL_CODE
	uint32_t t;
#endif

	/* copy the state into 512-bits into W[0..15] */
	for (i = 0; i < 16; i++) {
		LOAD32H(W[i], buf + (4*i));
	}

	/* copy state */
	a = md->sha1.state[0];
	b = md->sha1.state[1];
	c = md->sha1.state[2];
	d = md->sha1.state[3];
	e = md->sha1.state[4];

	/* expand it */
	for (i = 16; i < 80; i++) {
		W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1);
	}

	/* compress */
	/* round one */
#define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30);
#define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30);
#define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30);
#define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30);

#ifdef LTC_SMALL_CODE

	for (i = 0; i < 20; ) {
		FF0(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
	}

	for (; i < 40; ) {
		FF1(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
	}

	for (; i < 60; ) {
		FF2(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
	}

	for (; i < 80; ) {
		FF3(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
	}

#else

	for (i = 0; i < 20; ) {
		FF0(a,b,c,d,e,i++);
		FF0(e,a,b,c,d,i++);
		FF0(d,e,a,b,c,i++);
		FF0(c,d,e,a,b,i++);
		FF0(b,c,d,e,a,i++);
	}

	/* round two */
	for (; i < 40; )  {
		FF1(a,b,c,d,e,i++);
		FF1(e,a,b,c,d,i++);
		FF1(d,e,a,b,c,i++);
		FF1(c,d,e,a,b,i++);
		FF1(b,c,d,e,a,i++);
	}

	/* round three */
	for (; i < 60; )  {
		FF2(a,b,c,d,e,i++);
		FF2(e,a,b,c,d,i++);
		FF2(d,e,a,b,c,i++);
		FF2(c,d,e,a,b,i++);
		FF2(b,c,d,e,a,i++);
	}

	/* round four */
	for (; i < 80; )  {
		FF3(a,b,c,d,e,i++);
		FF3(e,a,b,c,d,i++);
		FF3(d,e,a,b,c,i++);
		FF3(c,d,e,a,b,i++);
		FF3(b,c,d,e,a,i++);
	}
#endif

#undef FF0
#undef FF1
#undef FF2
#undef FF3

	/* store */
	md->sha1.state[0] = md->sha1.state[0] + a;
	md->sha1.state[1] = md->sha1.state[1] + b;
	md->sha1.state[2] = md->sha1.state[2] + c;
	md->sha1.state[3] = md->sha1.state[3] + d;
	md->sha1.state[4] = md->sha1.state[4] + e;

	return CRYPT_OK;
}

#ifdef LTC_CLEAN_STACK
static int sha1_compress(hash_state *md, unsigned char *buf)
{
	int err;
	err = _sha1_compress(md, buf);
	burn_stack(sizeof(uint32_t) * 87);
	return err;
}
#endif

/**
  Initialize the hash state
  @param md   The hash state you wish to initialize
  @return CRYPT_OK if successful
  */
int sha1_init(hash_state * md)
{
	LTC_ARGCHK(md != NULL);
	md->sha1.state[0] = 0x67452301UL;
	md->sha1.state[1] = 0xefcdab89UL;
	md->sha1.state[2] = 0x98badcfeUL;
	md->sha1.state[3] = 0x10325476UL;
	md->sha1.state[4] = 0xc3d2e1f0UL;
	md->sha1.curlen = 0;
	md->sha1.length = 0;
	return CRYPT_OK;
}

/**
  Process a block of memory though the hash
  @param md     The hash state
  @param in     The data to hash
  @param inlen  The length of the data (octets)
  @return CRYPT_OK if successful
  */
HASH_PROCESS(sha1_process, sha1_compress, sha1, 64)

	/**
	  Terminate the hash to get the digest
	  @param md  The hash state
	  @param out [out] The destination of the hash (20 bytes)
	  @return CRYPT_OK if successful
	  */
int sha1_done(hash_state * md, unsigned char *out)
{
	int i;

	LTC_ARGCHK(md  != NULL);
	LTC_ARGCHK(out != NULL);

	if (md->sha1.curlen >= sizeof(md->sha1.buf)) {
		return CRYPT_INVALID_ARG;
	}

	/* increase the length of the message */
	md->sha1.length += md->sha1.curlen * 8;

	/* append the '1' bit */
	md->sha1.buf[md->sha1.curlen++] = (unsigned char)0x80;

	/* if the length is currently above 56 bytes we append zeros
	 * then compress.  Then we can fall back to padding zeros and length
	 * encoding like normal.
	 */
	if (md->sha1.curlen > 56) {
		while (md->sha1.curlen < 64) {
			md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
		}
		sha1_compress(md, md->sha1.buf);
		md->sha1.curlen = 0;
	}

	/* pad upto 56 bytes of zeroes */
	while (md->sha1.curlen < 56) {
		md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
	}

	/* store length */
	STORE64H(md->sha1.length, md->sha1.buf+56);
	sha1_compress(md, md->sha1.buf);

	/* copy output */
	for (i = 0; i < 5; i++) {
		STORE32H(md->sha1.state[i], out+(4*i));
	}
#ifdef LTC_CLEAN_STACK
	zeromem(md, sizeof(hash_state));
#endif
	return CRYPT_OK;
}

/*
 * Self-test the hash
 * @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
 */
#ifdef LTC_TEST
int  sha1_test(void)
{
	static const struct {
		const char *msg;
		unsigned char hash[20];
	} tests[] = {
		{ "abc",
			{ 0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a,
				0xba, 0x3e, 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c,
				0x9c, 0xd0, 0xd8, 0x9d }
		},
		{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
			{ 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E,
				0xBA, 0xAE, 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5,
				0xE5, 0x46, 0x70, 0xF1 }
		},
	};

	int i;
	unsigned char tmp[20];
	hash_state md;

	for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0]));  i++) {
		sha1_init(&md);
		sha1_process(&md, (unsigned char*)tests[i].msg, (uint64_t)strlen(tests[i].msg));
		sha1_done(&md, tmp);

		if (memcmp(tmp, tests[i].hash, 20) != 0) {
			printf("sha1 calculate fail.\n");
		} else {
			printf("sha1 calculate success.\n");
		}
	}
	return CRYPT_OK;
}

int main(int argc, const char *argv[])
{
	sha1_test();
	return 0;
}
#endif /* LTC_TEST */

#endif
